From 6053317ab1931770c1c8f2a1c0322944730ce9bc Mon Sep 17 00:00:00 2001
From: none <Mystikfluu@gmail.com>
Date: Wed, 3 May 2023 10:17:04 +0200
Subject: [PATCH] only add hsts on HTTPS

---
 server.js | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/server.js b/server.js
index dd0231a..c58e641 100644
--- a/server.js
+++ b/server.js
@@ -263,11 +263,19 @@ app.use(fileUpload({
     }
 }));
 
-app.use(hsts({
+const hstsMiddleware = hsts({
     maxAge: 31536000,
     includeSubDomains: true,
     preload: true
-}));
+})
+
+app.use((req, res, next) => {
+    if (req.secure) {
+      hstsMiddleware(req, res, next)
+    } else {
+      next()
+    }
+})
 
 app.use(bodyParser.default.json({ limit: "100mb" }));
 app.use(bodyParser.default.urlencoded({ limit: "100mb", extended: true }));